BDO’s Technology, Risk & Security (TRS) Services practice is growing rapidly and we are looking for a Senior Consultant to join our team in Toronto. The TRS practice provides a variety of services to our clients. The successful candidate will focus primarily on providing Advisory and Assurance based services to clients in various industries and also get a chance to work on cyber security and digital transformation engagements. Our TRS Practice identifies and addresses enterprise issues, improves business performance and assists with IT governance and strategy, information security and privacy, IT controls evaluation, design and implementation, control assurance and framework alignment.
We are seeking a full-time Senior Consultant to work in the GTA to deliver SOC and IT Security engagements. In this role, you will support key services including:
- IT General Controls and application control audits and assessments
- IT Controls assessment for compliance with SOX/52-109/PCI
- SOC 1, SOC 2 and SOC 3 audits of controls (CSAE 3416, SSAE 16, ISAE 3402, etc.)
- Cybersecurity and Technology Risk
- IT infrastructure security reviews
- Data conversion reviews
- Project governance reviews
- ISO 27001 Assessment
Key Accountabilities and Responsibilities
- Lead and conduct information security assessments (ISO 2700x, PCI DSS, SSAE 18 SOC 1-3, NIST and CIS CSA Top 20) – readiness and preparation
- Maintain sharing of knowledge through tool development, template enhancements and methodology enhancements. Identify and implement improvements in existing processes and procedures.
- Conduct IT risk and controls assessments, including general IT controls and application controls
- Maintain up-to-date knowledge of security threats, countermeasures, security tools, processes, and technologies.
- Provide Technology Risk solutions including SOC audits, IT internal audits, IT external audits and CEO/CFO certifications to our broad base of clients
- Evaluate the risks and the adequacy of controls associated with IT, applications, databases and interfaces and business cycle controls
- Prepare IT testing procedures, document and test the IT controls in sufficient detail, and conclude the IT audit
- Lead fieldwork and manage engagement teams, as well as coach and mentor junior staff members.
- Simultaneously deliver multiple client engagements of varying size, scope and complexity;
- Demonstrate a significant level of self-initiative and autonomy;
- Systematically analyze and identify problems in order to determine the causes and propose solutions; and,
- Act with professionalism and integrity when working with confidential and sensitive information.
Education and Professional Skills/Knowledge
- Bachelor’s degree in information systems, computer science, business and/or related major;
- 4-5 years of relevant experience in assessing technology risks;
- Strong understanding of and experience with IT General Controls and controls-based audits (e.g., CSAE 3416 and SOC 2) is preferred.
- Strong proficiency in MS Office Products (Word, PowerPoint, Excel and Visio)
- Ability to work in both a collaborative team environment as well as independently when required
- Strong time management and prioritization skills, and ability to multi-task across various projects in a high-paced work environment to meet deadlines and manage stakeholder expectations
- Knowledge of COBIT governance framework, Sarbanes-Oxley, ISO 27001, 27002, ITIL, PCI-DSS, etc.;
- Must have one of the related professional certifications such as CISA, CISSP, CRISC or CISM;
- Strong written and verbal communications skills; and,
- Willingness to travel and valid driving license in Canada
- Ability to work both independently, with little supervision and within a team environment.
- Attention to detail and strong organization and analytical skills.
Our Vision: One Firm engaged to make a difference through valued relationships with our people, clients and communities.